Improve namespace label filtering

Signed-off-by: Dyanngg <dingyang@vmware.com>
antrea-io · Feb 28, 2024 · 21d7ac5 · 21d7ac5
1 parent 9c387e1
commit 21d7ac5
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 31 deletions.
diff --git a/pkg/controller/networkpolicy/networkpolicy_controller.go b/pkg/controller/networkpolicy/networkpolicy_controller.go
@@ -94,7 +94,7 @@ const (
 	internalGroupType  grouping.GroupType = "internalGroup"
 
 	perNamespaceRuleIndex   = "hasPerNamespaceRule"
-	namespaceLabelRuleIndex = "hasNamespaceLabelRule"
+	namespaceLabelRuleIndex = "namespaceRuleLabelKeys"
 	hasSuchRule             = "true"
 )
 
@@ -344,10 +344,7 @@ var acnpIndexers = cache.Indexers{
 		if !ok {
 			return []string{}, nil
 		}
-		if hasNSLabelRule := hasNamespaceLabelRule(cnp); hasNSLabelRule {
-			return []string{hasSuchRule}, nil
-		}
-		return []string{}, nil
+		return namespaceRuleLabelKeys(cnp).UnsortedList(), nil
 	},
 }
 

diff --git a/test/e2e/antreaipam_anp_test.go b/test/e2e/antreaipam_anp_test.go
@@ -35,25 +35,25 @@ func initializeAntreaIPAM(t *testing.T, data *TestData) {
 	p8082 = 8082
 	p8085 = 8085
 	pods = []string{"a", "b", "c"}
-	namespaces = make(map[string]string)
-	regularNamespaces := make(map[string]string)
+	namespaces = make(map[string]TestNamespaceMeta)
+	regularNamespaces := make(map[string]TestNamespaceMeta)
 	suffix := randName("")
-	namespaces["x"] = "antrea-x-" + suffix
+	namespaces["x"] = TestNamespaceMeta{
+		Name: "antrea-x-" + suffix,
+	}
 	regularNamespaces["x"] = namespaces["x"]
 	// This function "initializeAntreaIPAM" will be used more than once, and variable "allPods" is global.
 	// It should be empty every time when "initializeAntreaIPAM" is performed, otherwise there will be unexpected
 	// results.
 	allPods = []Pod{}
 	podsByNamespace = make(map[string][]Pod)
-
 	for _, ns := range antreaIPAMNamespaces {
-		namespaces[ns] = ns
+		namespaces[ns] = TestNamespaceMeta{Name: ns}
 	}
-
 	for _, podName := range pods {
 		for _, ns := range namespaces {
-			allPods = append(allPods, NewPod(ns, podName))
-			podsByNamespace[ns] = append(podsByNamespace[ns], NewPod(ns, podName))
+			allPods = append(allPods, NewPod(ns.Name, podName))
+			podsByNamespace[ns.Name] = append(podsByNamespace[ns.Name], NewPod(ns.Name, podName))
 		}
 	}
 
@@ -195,35 +195,29 @@ func testAntreaIPAMACNP(t *testing.T, protocol e2eutils.AntreaPolicyProtocol, ac
 		SetAppliedToGroup([]e2eutils.ACNPAppliedToSpec{{PodSelector: map[string]string{"pod": "c"}}})
 	if isIngress {
 		builder.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil,
-			nil, nil, nil, nil, false, nil, ruleAction, "", "", nil)
+			nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil)
 		builder2.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil,
-			nil, nil, nil, nil, false, nil, ruleAction, "", "", nil)
+			nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil)
 		builder3.AddIngress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil,
-			nil, nil, nil, nil, false, nil, ruleAction, "", "", nil)
+			nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil)
 	} else {
 		builder.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil,
-			nil, nil, nil, nil, false, nil, ruleAction, "", "", nil)
+			nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil)
 		builder2.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil,
-			nil, nil, nil, nil, false, nil, ruleAction, "", "", nil)
+			nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil)
 		builder3.AddEgress(protocol, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{}, nil,
-			nil, nil, nil, nil, false, nil, ruleAction, "", "", nil)
+			nil, nil, nil, nil, nil, nil, ruleAction, "", "", nil)
 	}
 
 	reachability := NewReachability(allPods, action)
-	for _, ns := range namespaces {
-		for _, pod := range []string{"/a", "/b", "/c"} {
-			reachability.Expect(Pod(ns+pod), Pod(ns+pod), Connected)
-		}
-	}
+	reachability.ExpectSelf(allPods, Connected)
 	testStep := []*TestStep{
 		{
-			"Port 80",
-			reachability,
-			[]metav1.Object{builder.Get(), builder2.Get(), builder3.Get()},
-			[]int32{80},
-			protocol,
-			0,
-			nil,
+			Name:          "Port 80",
+			Reachability:  reachability,
+			TestResources: []metav1.Object{builder.Get(), builder2.Get(), builder3.Get()},
+			Ports:         []int32{80},
+			Protocol:      protocol,
 		},
 	}
 	testCase := []*TestCase{